1/26
Module C - Part 2
DOMINO: Detection Of greedy behavior in the MAC layer of IEEE 802.11 public NetwOrks
Prof. JP Hubaux
Mobile Networks
http://mobnet.epfl.ch
2/26
Outline
Motivation
System model
Misbehavior techniques
Components of DOMINO (System for Detection Of
greedy behavior in the MAC layer of IEEE 802.11
public NetwOrks)
Simulation
Implementation
3/26
Motivation
Internet access through public hotspots
Problem: misuse of protocols
What about MAC-layer misbehavior?
– Considerable bandwidth gains
– Hidden from the upper layers
– Always usable
If the misbehavior is detected, the WISP can take
measures
How to detect?
4/26
System model
Infrastructure mode
DCF (Distributed Coordination Function)
Single trusted AP operated by a WISP
Misbehavior is greedy as opposed to malicious
DOMINO is implemented only at the AP
5/26
Example scenario
[Figure: two well-behaved nodes and a cheater; DOMINO]
6/26
IEEE 802.11 MAC – Brief reminder
7/26
Misbehavior techniques – Overview
Uplink traffic (stations → AP)
– Example scenarios: backup, webcam, …
Downlink traffic (AP → stations)
– Constitutes most of the wireless traffic
– Over 90% is TCP
– Example scenarios: Web browsing, FTP, video streaming, …
8/26
Uplink traffic – Frame scrambling
9/26
Solution: Number of retransmissions
Lost frames are retransmitted
Sequence numbers in the MAC header distinguish
retransmissions
Cheater’s retransmissions are fewer than those of
well-behaved stations
By counting retransmissions, the AP can single out
the cheater
10/26
Uplink traffic – Oversized NAV
11/26
Solution: Comparison of NAVs
AP measures the actual NAV and compares to the
received one
A repeated pattern of oversized NAVs distinguishes
the cheater
12/26
Uplink traffic – Short DIFS
13/26
Solution: Comparison of DIFS
The value of DIFS is constant and provided by the
IEEE 802.11 standard
A short DIFS can only be the result of cheating
14/26
Uplink traffic – Backoff
15/26
Solution (1/2): Actual backoff test
Compares the average actual backoff of each station to the average actual backoff of the AP
Collisions are not taken into account
Unsuitable for sources with interframe delays (e.g., due to TCP congestion control)
[Figure: timeline of transmissions from S and from other node(s), with DIFS intervals and the measured actual backoff]
16/26
Solution (2/2): Consecutive backoff test
Useful when cheaters have interframe delays (mainly TCP sources)
Does not work if the traffic is very high due to the lack of samples
Complementary to the actual backoff test
[Figure: two transmissions from S separated by DIFS and the consecutive backoff]
17/26
Downlink traffic – TCP ACK scrambling
[Figure: servers on the Internet, AP, well-behaved user and cheater; TCP DATA and TCP ACK flows]
Server receives no TCP ACK and slows down the TCP flow
Repeated scrambling kills the TCP connection
The AP receives fewer packets destined to the well-behaved station
Packets destined to the cheater are delayed less in AP’s queue
18/26
TCP DATA scrambling with MAC forging
[Figure: servers on the Internet, AP, well-behaved user and cheater; TCP DATA and MAC ACK flows]
Tries to kill the TCP connection like the previous attack
MAC ACK contains no source address
The forged MAC ACK prevents the AP from retransmitting the lost packet
19/26
Solution: Dummy frame injection
AP periodically injects dummy frames destined to
non-existing stations
If it receives corresponding MAC ACKs, there is
cheating
Higher-layer mechanisms will identify the cheater
(e.g., by monitoring the TCP flows of stations)
20/26
Components of DOMINO
Cheating method: Detection test
Frame scrambling: Number of retransmissions
Oversized NAV: Comparison of the declared and actual NAV values
Transmission before DIFS: Comparison of the idle time after the last ACK with DIFS
Backoff manipulation: Actual backoff; Consecutive backoff
Frame scrambling with MAC forging: Periodic dummy frame injection
21/26
Simulation – Topology
ns-2
Backoff manipulation
CBR / UDP traffic
FTP / TCP traffic
Misbehavior coefficient (m): the cheater chooses its backoff from the fixed contention window (1 − m) × CWmin
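The actual backoff test (slide 15) applied to the cheater model defined by the misbehavior coefficient above, as an added example that is not part of the original slides or the DOMINO code. The CWmin value, the tolerance, the minimum sample count and the station names are assumptions, and the backoff samples are constructed.

```python
import random
from statistics import mean

CW_MIN = 31        # assumed CWmin in slots (not stated on the slides)
TOLERANCE = 0.9    # assumed: suspect if station mean < 90% of the AP's mean
MIN_SAMPLES = 50   # assumed minimum number of samples before judging

def draw_backoffs(n, m, rng):
    """Constructed sample data: n backoff values (slots) for a station with
    misbehavior coefficient m, drawn from the fixed window (1 - m) * CWmin.
    m = 0 is a well-behaved station; collisions are not modelled."""
    window = int((1 - m) * CW_MIN)
    return [rng.randint(0, window) for _ in range(n)]

def actual_backoff_test(station_samples, ap_samples,
                        tolerance=TOLERANCE, min_samples=MIN_SAMPLES):
    """Compare each station's average actual backoff to the AP's own average.
    Returns {station: 'ok' | 'suspect' | 'insufficient-samples'}."""
    ap_avg = mean(ap_samples)
    verdicts = {}
    for sta, samples in station_samples.items():
        if len(samples) < min_samples:
            # Too few measurements to separate cheating from chance.
            verdicts[sta] = "insufficient-samples"
        elif mean(samples) < tolerance * ap_avg:
            verdicts[sta] = "suspect"
        else:
            verdicts[sta] = "ok"
    return verdicts

def run_demo(seed=1):
    """AP plus three hypothetical stations: well-behaved, m = 0.5, nearly idle."""
    rng = random.Random(seed)
    ap = draw_backoffs(2000, 0.0, rng)
    stations = {
        "sta-good": draw_backoffs(2000, 0.0, rng),
        "sta-cheat": draw_backoffs(2000, 0.5, rng),
        "sta-quiet": draw_backoffs(10, 0.0, rng),
    }
    return actual_backoff_test(stations, ap)

if __name__ == "__main__":
    for sta, verdict in run_demo().items():
        print(sta, verdict)
```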
22/26
Simulation – DOMINO performance – UDP case
23/26
Simulation – DOMINO performance – TCP case
24/26
Implementation
Equipment
– Adapters based on the
Atheros AR5212 chipset
– MADWIFI driver
Misbehavior (backoff)
– Write to the register
containing CWmin and
CWmax (in driver)
Monitoring
– The driver in MONITOR mode
– prism2 frame header
[Figure: testbed with AP, DOMINO, cheater and well-behaved station]
25/26
Implementation – Throughput
26/26
Implementation – Backoff and DOMINO
For more information: domino.epfl.ch